360netlab / DGA

Suspicious DGA from PDNS and Sandbox.

From 360 Sandbox: A new seed of Ranbyus

suqitian opened this issue · comments

  • MD5
    692db19e1ec34d19b3aa269b797bc98d
  • Domains generated on 2016-05-31

Seed:
0xbfc60429 (~0x4039fbd6)

Test:

$ python ranbyus_reloaded.py -d 2016-05-31 -s 0xbfc60429

File ranbyus_reloaded.py is here